azure-managed-identity

Access Key Vault from local Service Fabric cluster with MSI

怎甘沉沦 submitted on 2019-11-30 15:35:15
I want to access the Key Vault from my Service Fabric application via Managed Service Identity (MSI). I have enabled MSI on the virtual machine scale set in the Azure Portal and given it access to my Key Vault resource. This works like a charm up in the cloud. However, I am having problems with my local development environment. As far as I understand, I can grant myself access to the Key Vault and run az login in Azure CLI. Alas, this doesn't work when running the application in a local Service Fabric cluster. I assume it is because a local cluster runs under the NETWORK SERVICE account. How can I

Azure Keyvault add Function MSI via ARM

泄露秘密 submitted on 2019-11-30 14:29:08
I think Managed Service Identity is a great concept and I love keyvault. However: When I use the script using an incremental resource group deployment:

Sample is modified for brevity

    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[parameters('keyvaultName')]",
      "apiVersion": "2015-06-01",
      "properties": {
        "accessPolicies": [
          {
            "objectId": "[reference(parameters('functionAppName'), '2016-08-01', 'Full').identity.principalId]",
            "permissions": {
              "keys": [],
              "secrets": [ "Get" ]
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', parameters('functionAppName'))]"
      ]
    },
    {
      "apiVersion": "2016

How to use MSI for development in visual studio?

时光怂恿深爱的人放手 submitted on 2019-11-30 02:44:35
Question: I need to get access to my Key Vault during development and debugging. Is it possible via using managed service identity? I see that my code can get these credentials when the app is deployed on VM, but what if I need them during development on my local workstation?

Answer 1: As of Visual Studio 2017 15.8.something, the extension which juunas mentioned is built into Visual Studio. Tools -> Options -> Azure Service Authentication -> Account Selection

Answer 2: One way is to install the 2.0 Azure CLI, and

MSI Permissions for Graph API

核能气质少年 submitted on 2019-11-27 23:18:38
My question is, do we have any documented method of granting a Managed Service Identity permissions to the Graph API as we would with an Azure App Registration in the portal? I was unable to find any PowerShell options or ability to manage permissions for the MSI service principal in the Azure Portal or documentation. I found a similar question on MSDN forums, but wanted to make sure there were not any further updates or workarounds that anybody knew of? MSDN Forum Post: https://social.msdn.microsoft.com/Forums/azure/en-US/dae34534-f193-4444-b52e-ba9cfa4a1fda/does-azure-msi-support-accessing